Pages

Friday, October 06, 2017

I was recently tasked with updating an embedded application that we use from Apache Tomcat 8.0.0 RC5. Yes, the project used a release candidate when it was created. I imagine it was like a number of projects where the project was being developed and the expectation was that Apache Tomcat 8.0 would be released and that they would update everything. Well that temporary solution became a permanent one. Years passed and finally a security audit brought to light that the application was out of date, and on further observation a release candidate was used.

I went back and looked at RC5, and subsequent versions including release notes. Release candidate 5 was very similar to Apache Tomcat 7. In fact, the same authentication was used. This changed in the actual 8.0 release where a new authentication mechanism was put into place. This change may have prevented those early adopters from updating the project since the authentication mechanism would have delayed the project since the internals would have needed a rewrite.

I was blessed with upgrading the project, but I also needed to look at using the latest stable version of Apache Tomcat 8.5.x. After trying out some of the new code I was pleasantly surprised at how easy it was to implement a very simple application in Apache Tomcat 8 embedded.

One of the items I really like is the ability to programmatically add various web objects like servlets to the container. It was slick and easy to accomplish. Think of it like a programmatic web.xml file.